  1. SonarQube
  2. SONAR-12028

Security reports return wrong CWE distribution

    Details

    • Edition:
      Community
    • Production Notes:
      None

      Description

      When displaying security reports and enabling "show CWE distribution", there are some wrong entries:

      • first problem
        • if an issue is associated with a rule with CWE-1 and CWE-2
        • if category SANS XXX contains CWE-1 but not CWE-2
        • then in the security report, category SANS XXX will show a count of 1 issue, but in the distribution, there will be both CWE-1 and CWE-2 (both with 1 issue count)
      • second problem
        • resolved vulnerabilities/hotspots are still selected in the global query, possibly ending with CWEs with no results
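
A small in-memory model of the two problems described above, added here as an example; it is not SonarQube code and not part of the original report. The category-to-CWE mapping, the issues and all function names are constructed assumptions, and "SANS YYY" is a second made-up category used to show the empty-bucket case.

```python
from collections import Counter

# Constructed category -> CWE mapping (hypothetical, not SonarQube's real tables).
CATEGORY_CWES = {"SANS XXX": {"CWE-1"}, "SANS YYY": {"CWE-2", "CWE-3"}}

# Constructed issues: each carries the CWEs of its rule and a resolved flag.
ISSUES = [
    {"key": "A", "cwes": {"CWE-1", "CWE-2"}, "resolved": False},
    {"key": "B", "cwes": {"CWE-1"}, "resolved": True},
    {"key": "C", "cwes": {"CWE-3"}, "resolved": True},
]


def category_count(issues, category):
    """Open issues whose rule has at least one CWE in the category."""
    wanted = CATEGORY_CWES[category]
    return sum(1 for i in issues if not i["resolved"] and i["cwes"] & wanted)


def distribution_buggy(issues, category):
    """Models the reported behaviour: resolved issues selected, CWEs not scoped."""
    wanted = CATEGORY_CWES[category]
    dist = Counter()
    for issue in issues:
        if issue["cwes"] & wanted:      # resolved issues still create buckets
            for cwe in issue["cwes"]:   # every CWE of the rule, not only the category's
                dist[cwe] += 0 if issue["resolved"] else 1
    return dict(dist)


def distribution_fixed(issues, category):
    """Only open issues, and only CWEs that belong to the category."""
    wanted = CATEGORY_CWES[category]
    dist = Counter()
    for issue in issues:
        if issue["resolved"]:
            continue
        for cwe in issue["cwes"] & wanted:
            dist[cwe] += 1
    return dict(dist)


def inconsistencies(dist, category):
    """CWEs that should not appear: outside the category, or with no results."""
    wanted = CATEGORY_CWES[category]
    return sorted(c for c, n in dist.items() if c not in wanted or n == 0)
```

`inconsistencies` is the kind of regression check that catches both problems: it flags any CWE shown under a category that the category does not contain, and any CWE listed with a zero count.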


              People

              Assignee:
              ann.campbell.2 Ann Campbell
              Reporter:
              julien.henry Julien Henry
